🚨 Everything you need to know about CodeBreach with Yuval Avrahami

On this episode of Crying Out Cloud, Eden Koby Naftali & Amitai Cohen sit down with Wiz researcher @Yuval Avrahami to unpack a major supply-chain flaw that put cloud environments at risk ↓

- Misconfigured CodeBuild instances used by AWS themselves
- One small regex mistake, huge consequences
- How an SDK used by the AWS Console could have been hijacked (!)
- The CI/CD controls that can mitigate this risk


CodeBreach: Hijacking the AWS Console with Yuval Avrahami

🎙️ Shai-Hulud, Shai-Hulud 2.0,  are you keeping up?

In this episode of Crying Out Cloud, Eden Koby Naftali & Amitai Cohen go deep into real-world cloud security incidents ↓

1) How Shai-Hulud evolved into Shai-Hulud 2.0
2) A vulnerability affecting Apache Tika
3) React2Shell and its implications
4) Gogs zero-day explained

You DONT want to miss this! This is a technical, concrete conversation focused on how attacks actually happen, how they evolve, and what defenders need to understand to keep up.

React2Shell, Shai-Hulud 2.0, Gogs Zero-Day & Tika RCE

🎙️ AI is changing the rules of cyber, are you keeping up?

@Eden Naftali goes live with leading voices in cloud security:
@Ryan Nolette (AWS), @John Miller (Google Cloud), and @Alon Schindel (Wiz). This episode is essential listening for anyone defending at cloud scale. 👇

🔍 Inside ↓
1) How AI is supercharging attacker tactics — from hyper-variable phishing to rapid exploit generation
2) The rise of "AI slop" and why it's burning analysts' time
3) Emerging AI bug-hunters — what they can (and can't) do

Live Talk: Security Minds from Google Cloud, AWS & Wiz

Join our lively hosts, Eden and Amitai, as they explore the most fascinating cloud security news of the month.
On this episode:

🧃🔗 More juice on 3CX supply chain attack
✂️💔 PaperCut vulnerabilities
📦🔓 Capita exposed a bucket with sensitive data for 7 years
🚗☁️ Toyota cloud misconfiguration leaked customer data for 10 years
🚢🔄 Trend of hijacking containers for traffic routing

#4 - Daisy Chain: A Double Supply Chain Attack

Resources

More episodes

CodeBreach: Hijacking the AWS Console with Yuval Avrahami

React2Shell, Shai-Hulud 2.0, Gogs Zero-Day & Tika RCE

Live Talk: Security Minds from Google Cloud, AWS & Wiz

Crying Out Cloud Newsletter